How do companies manage data security?

Lead: How can a company do a good job of data security management? Information security strategy is the most important part of how enterprise management solves information security problems. Work on enterprise information security strategy proceeds on two fronts: formulating the strategy, and implementing and executing it. The purpose of making security policy is to ensure network security and protect the integrity, planning and standardization of work.

How does the company manage data security?

1. Establish and improve the information security system.

Establish and improve the systems, processes and standards for information security process management, and implement whole-process control of information system security planning, implementation, operation and supervision. Revise information security systems and standards on a rolling basis, and continually consolidate the company's foundation for standardized information security management.

2. Continue to strengthen the basic management of information security.

First, strengthen information security education and training: introduce an information security simulation training platform, and replace the original single on-site training with multiple regular training sessions delivered over the network on a rolling quarterly and semi-annual basis, to continuously strengthen and improve employees' information security awareness and behavior norms.

Second, deepen the construction of the existing information security defense system: strengthen the security protection of the information extranet, standardize terminal management on the information extranet, and improve the information extranet's ability to withstand DDoS attacks. Popularize and implement the information security access platform and secure terminals, the unauthorized external connection monitoring system, the identity authentication (RA) system, the document protection system and the unified vulnerability patch management system.

Third, popularize and implement the comprehensive information security management system, which mainly includes compliance control, risk control and management control.

Fourth, promote secure access for smart grid information systems, and study secure access for the power acquisition system, transmission line monitoring system, warehouse management system and vehicle management system of Chongqing Company, in line with the requirements of State Grid Corporation's overall plan for unified and strong smart grid information security.

3. Effectively improve the operation level of information systems.

First, in line with the requirements of power grid safety production and operation management, strengthen the operation management of information systems and establish an advanced information dispatching and operation system. Bring all information systems under the company's unified information operation team, strictly observe the discipline of safe operation, and strictly control operation and maintenance, planned maintenance, fault notification and handling.

Second, standardize operation and maintenance. Formulate standard operating procedures (SOP) for information system operation, implement them, and strictly manage the three stages before, during and after an operation. Strictly implement the work ticket system, and strictly examine and approve operations such as fault handling, upgrades and configuration changes, debugging and shutdown. Record the whole process of every operation through the safety audit system, so that the main stages of an operation are controlled end to end, from approval and execution to inspection and audit. Operators must be licensed to operate, and important operations must be supervised by two people present. Strengthen the scientific management of on-site operation work, standardize operation standards and improve the quality of system operation and maintenance.

Third, strengthen the work of the three synchronizations. Ensure that information security measures are planned, implemented and put into production synchronously with SG-ERP business construction, so that whole-life-cycle security management of information systems runs through the five stages of information system planning, design, implementation, operation and maintenance, and abandonment, and clarify the responsibilities of all participating departments. Establish an information system security review system, build an application system project management platform, and control information system security from the aspects of security management and security technology.

4. Deepen information security supervision.

First, by improving the equipment and tools of the information security technology testing team, build an information security laboratory, gradually improve the hardware facilities of the information security testing team, and improve the accuracy and precision of technical testing.

Second, implement the aim of full participation, full qualification and full safety. Through training and technical exchange between SERC and State Grid Corporation of China, information security inspectors are trained and certified to improve their professional skills, promote the standardization of information security supervision, and build a first-class information security technical supervision team.

Third, establish a supervision and listing system and strengthen the rectification mechanism for problems found by supervision. Deepen daily and special inspections and carry out advanced inspections on information security. Strengthen supervision notification, set a benchmark for company supervision, and promote typical experience of supervision. Integrate and expand the functions of inspection tools, build a safety inspection platform, and improve inspection efficiency and standardize inspection work through the analysis of safety inspection experts.

5. Vigorously cultivate information system operation and maintenance talents.

Promote certified work by the operation and maintenance team, broaden the vision of operation and maintenance personnel, and adapt to the potential requirements of the rapid development of information technology. Improve the ability of operation and maintenance personnel to monitor, respond to and actively discover threats, to control new products and technologies, and to discover and deal with new risks in a timely manner. Establish a high-quality information technology operation and maintenance talent team, and ensure the safe, stable and reliable operation of the company's information systems.

How do companies manage data security?

1. Analyze objectively, face up to the problems and make up for the deficiencies.

The hidden dangers of production safety accidents are mainly manifested in the dangerous state of things that may lead to accidents in production and business activities, unsafe behaviors of people and management defects. As we all know, the real problems faced by enterprises at present are: the main responsibility of enterprises is not implemented, the safety awareness of employees is not high, professionals are lacking, the quality of employees is uneven, the mobility is large, the foundation of construction projects is weak, and the safety investment is seriously insufficient. Enterprises should strictly control the standardization requirements of safety production, seek truth from facts, repent and turn over a new leaf, strive to improve the conditions of safety production and improve the level of safety production in enterprises.

2. Increase training, do not rigidly adhere to the form, and stress practical results.

As the saying goes: "Inadequate safety training is the biggest safety hazard." The revised "New Security Law" once again emphasizes that enterprises must provide special safety education and training for employees. In "Safe Production Month", many places also incorporate the importance of education and training into publicity activities. But in practical work, many enterprises treat "education and training" as a mere formality and only go through the motions, so it is difficult to achieve the purpose of education and training. It is suggested that enterprises should fully understand the importance of training, not stick to the form, and often organize diverse, rich and meaningful training, such as showing accident scenes and case studies with multimedia, leading employees out to visit and study, and inviting experts in for "consultation" on hidden dangers and self-presentation.

3. Increase investment in safety funds to promote practical results through supervision.

As a safety worker, in the daily inspection, it is often found that many enterprises have hardly equipped their employees with labor protection articles according to the relevant national standards and industry norms. Some of them cope with the inspection and temporarily buy products without any signs from the market, and some even have no protective articles. There are still some problems in the financial expenditure of enterprises, such as unclear safety expenditure, insufficient quota or none. Safety funds are the guarantee of safe production and greater economic benefits for enterprises, which must be paid attention to and cannot be ignored. Trade unions in enterprises should strengthen supervision to ensure the effective implementation of funds.

4. Apply strict rewards and punishments to enhance employees' sense of responsibility.

Perfecting the construction of safety production system and establishing reward and punishment mechanism are aimed at rewarding diligence and punishing inferiority. Those who put forward important suggestions to eliminate hidden dangers of accidents and avoid major accidents should be rewarded. Especially for those full-time and part-time safety officers who are conscientious, hard-working and correctly perform their duties of safety production supervision and management on the construction site, necessary incentives and rewards should be given to make them more practical and active in safety management positions.

How do companies manage data security?

1) Establish a normalization mechanism for information security supervision.

On the basis of in-depth information security work, the first enterprise information security supervision team in Chongqing was established to normalize, fix and streamline information security supervision work. The Measures for Information Security Supervision and Management of Chongqing Electric Power Company were formulated. Under these measures, the company has carried out a number of tasks, such as special supervision for the Spring Festival and the two sessions, information security supervision of power supply companies, and information security supervision for the World Expo. On May 21-May 22, the inspection team of State Grid Corporation made a special inspection of Chongqing Company's information security and gave it a good evaluation.

2) Carry out special actions to crack down on information security violations.

In order to achieve the "three noes" basic security objectives, eradicate persistent violations, eliminate hidden dangers of accidents, and comprehensively improve the controllability of information systems, the company compiled and issued the "Chongqing Electric Power Company Information Security Anti-Violation Special Activity Plan" to all units of the company. Through the special anti-violation activities, all employees were organized to learn the baseline anti-accident measures for information security, and information security publicity and education were carried out. The focus was on information security supervision and on implementing the hidden danger investigation mechanism, and the weak passwords found in the company's mail system and application system were rectified in a timely manner.

3. Strengthen emergency drills and special security.

1) Organize emergency drills.

For the first time, the company successfully held a joint emergency drill for the information wide area network involving ICT, Jiangbei Power Supply Bureau, Yangjiaping Power Supply Bureau and EHV Bureau. The drill changed the earlier situation in which each unit worked on its own when troubleshooting the WAN, and replaced it with advanced remote unified command and cooperation. This exercise provides a new mode for future remote unified command and collaborative handling of sudden information system failures.

2) Ensure the information security during the peak summer and the World Expo.

In order to ensure network and information security during the peak summer and the World Expo, the company has carried out work in the following three aspects. First, improve the emergency handling mechanism of the information system. Second, work has been carried out on security area division, partition protection, secure terminal access and so on, which has strengthened the comprehensive protection of business application systems and core equipment, and increased security inspection and malicious attack prevention for Internet egress points and external-facing service systems. Third, strengthen the operation and maintenance duty system, especially duty management in important and special periods.

4. Information security talent echelon construction

1) Held the company's first information technology skills competition.

The whole company organized the first information technology skills competition. Forty units from the company's directly subordinate and holding power supply companies participated in the competition. This competition is of great significance for building a highly skilled information technology talent team and an excellent information technology operation and maintenance team, and for further improving the level of information construction across the whole company.

2) Information security training for freshmen.

Insist on information security education from the source and constantly innovate information security education and training. Every year, new college students are trained in information security knowledge, so that every college student can deeply understand the importance of information security, sound the security alarm, firmly establish the awareness of information security, and strictly abide by the relevant rules and regulations on information security and confidentiality in future work.

(2) Breakthrough and innovation: information security standardization system construction.

According to the ISO 27001 standard, the standardized management system of company information security is established. From the original 1 1 * *, 64 information security rules and regulations were sorted out, 24 systems were newly compiled and 20 systems were revised, which ensured the advancement and integrity of the company's information security management system.